Your rights online

After a member of the information security community provided evidence to Facebook's chief information security officer, the company has terminated a security engineer who allegedly used their work position to stalk women online. From a report: On Monday, Motherboard reported that Facebook was investigating a claim that one of its employees used access to data granted by their job to stalk women online. Facebook has since terminated the employee, Facebook confirmed to Motherboard on Tuesday, coincidentally shortly after the social media giant announced its upcoming dating service. "We are investigating this as a matter of urgency. It's important that people's information is kept secure and private when they use Facebook," Alex Stamos, Facebook's chief information security officer, told Motherboard in a statement.

An anonymous reader shares a report: Nikola Tesla invented alternating electrical current. Nikola Motors is a mobility company working on a hydrogen-powered semi truck. Tesla makes fully electric vehicles and last December unveiled its EV Semi. Nikola Motors is suing Tesla Motors over patent infringements, according to Electrek. Nikola alleges that Tesla infringes on three of its patents: fuselage design, a wraparound windshield on a semi truck and a mid-entry door. Nikola claims that these design similarities have "caused confusion" among customers and stolen away over $2 billion in business, and that if problems arise with Tesla's Semi (like battery fires or glitches with autonomous driving), they'll be attributed to Nikola. Typical patent troll stuff.

A coalition of Silicon Valley tech giants has doubled down on its criticism of encryption backdoors following a proposal that would give law enforcement access to locked and encrypted devices. From a report: The group, which focuses on efforts to reform government surveillance, said in a statement that it continues to advocate for strong encryption, and decried attempts to undermine the technology. "Recent reports have described new proposals to engineer vulnerabilities into devices and services -- but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement read. The renewed criticism follows a lengthy Wired article, in which former Microsoft software chief Ray Ozzie proposed a new spin on key escrow. Device encryption has hampered police investigations, and law enforcement officials have pushed tech companies to fix the problem -- even by way of suing them.

GitHub has sent an email to some of its 27 million users alerting them of a bug that exposed some user passwords in plaintext. "During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users' passwords to our internal logging system," said the email. "We have corrected this, but you'll need to reset your password to regain access to your account." ZDNet reports: The email said that a handful of GitHub staff could have seen those passwords -- and that it's "unlikely" that any GitHub staff accessed the site's internal logs. It's unclear exactly how this bug occurred. GitHub's explanation was that it stores user passwords with bcrypt, a stronger password hashing algorithm, but that the bug "resulted in our secure internal logs recording plaintext user passwords when users initiated a password reset." "Rest assured, these passwords were not accessible to the public or other GitHub users at any time," the email said. GitHub said it "has not been hacked or compromised in any way."

A newly released letter from government officials finds that Republican FCC commissioner Michael O'Rielly broke a federal law preventing officials from advocating for political candidates when he told a crowd that one way to avoid policy changes was to "make sure that President Trump gets reelected." The Verge reports: After he made the comments, the watchdog group American Oversight filed a letter with the Office of Special Counsel, which handles Hatch Act complaints. In response to the group's letter, the Office of Special Counsel said today that O'Rielly did, in fact, violate the Hatch Act. The letter said O'Rielly responded that he was only trying to provide an explanatory answer to how those changes in policy could be stopped, but the office rejected that reasoning. The office said it has sent a warning letter to O'Rielly this time, but will consider other infractions "a willful and knowing violation of the law" that could lead to legal action.

California, along with seventeen other states, announced a lawsuit against the Environmental Protection Agency today over its recent rollback of Obama-era vehicle emissions and fuel economy standards. The states argue that the EPA "acted arbitrarily and capriciously" in overturning the previous administration's decision. The Verge reports: The standards in question were drawn up in 2009 and adopted in 2012. They laid out a path for automakers to reduce overall greenhouse gas emissions by reaching an average fleet fuel economy of 54.5 miles per gallon by 2024. Since the program was charting a course that stretched out more than a decade into the future, it was written into the rules that the EPA would have to perform a "mid-term evaluation" before April 1st, 2018. This review would serve two purposes: assess whether automakers were on track, and then use that information to determine if the last section of the standards (which apply to model year 2022-2025 cars) were still feasible.
The EPA, under Barack Obama, kicked off this review process ahead of schedule in the summer of 2016 when it published an extensive 1,200-page technical assessment that analyzed whether the standards were working. In January 2017, the outgoing EPA wrapped this evaluation and determined that the bar was not set too high. In fact, it argued, automakers were overwhelmingly compliant. The Trump EPA's decision in April did not set new standards -- it simply argued that there were problems with the existing standards. In the meantime, the agency and the Department of Transportation are currently working together to craft and officially propose new standards. But the previous standards that the EPA said were inappropriate will technically remain in place until that happens.

An anonymous reader quotes a report from Engadget: Nintendo is under investigation by the U.S. International Trade Commission, and the fate of the Switch hangs in the balance. Gamevice, the company behind the Wikipad and a line of snap-on controllers for mobile devices, says the Nintendo Switch violates its patents on attachable handheld gamepads and their related accessories. Alleging violations of the Tariff Act of 1930, Gamevice is requesting a cease and desist order against Nintendo, a move that would halt imports of the Switch into the U.S. The USITC notes that while its investigation has begun, it hasn't ruled on the validity of the complaint. The commission will hold an evidentiary hearing to determine whether Nintendo is in violation of the Tariff Act, with a final decision "at the earliest practicable time." The USITC will announce a target date for the end of the investigation within 45 days.

An anonymous reader quotes a report from The Verge: The team behind secure messaging app Signal says Amazon has threatened to kick the app off its CloudFront web service unless Signal drops the anti-censorship practice known as domain-fronting. Google recently banned the practice, which lets developers disguise web traffic to look like it's coming from a different source, allowing apps like Signal to evade country-level bans. As a result, Signal moved from Google to the Amazon-owned Souq content delivery network. But Amazon implemented its own ban on Friday. In an email that Moxie Marlinspike -- founder of Signal developer Open Whisper Systems -- posted today, Amazon orders the organization to immediately stop using domain-fronting or find another web services provider. Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to shut down Signal. "The idea behind domain fronting was that to block a single site, you'd have to block the rest of the internet as well. In the end, the rest of the internet didn't like that plan," Marlinspike writes. "We are considering ideas for a more robust system, but these ecosystem changes have happened very suddenly. [...] In the meantime, the censors in these countries will have (at least temporarily) achieved their goals. Sadly, they didn't have to do anything but wait."

Matthew Gault, reporting for Motherboard: The Federal Trade Commission put six companies on notice in early April for illegally telling customers that getting third-party repairs voids the warranty on their electronics. You've seen the stickers before and read the messages buried in end user license agreements. Plastered on the back of my PlayStation 4 is a little sticker that says "warranty void if removed." That's illegal. Motherboard has obtained copies of the letters via a Freedom of Information Act request and has learned the names of the six companies that were warned. They are Sony, Microsoft, Nintendo, Hyundai, HTC, and computer hardware manufacturer ASUS. The letters were sent by Lois Greisman, the FTC's associate director of marketing practices, on April 9; the FTC has given each company 30 days to change its official warranty policies and says that it may take legal action against the companies.

Facebook is introducing a new privacy tool called "clear history," CEO Mark Zuckerberg said Tuesday in a personal Facebook post. From a report: The tool will allow you to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account. The news came within hours of the kickoff keynote at Facebook's F8 developer conference, which is being held in San Jose. The mostly-annual conference began as a time for Facebook to announce major initiatives, such as its technology to connect users' accounts with websites around the web, as well as revamped designs for users' profile pages. In a statement, Zuckerberg said, "In your web browser, you have a simple way to clear your cookies and history. The idea is a lot of sites need cookies to work, but you should still be able to flush your history whenever you want. We're building a version of this for Facebook too. It will be a simple control to clear your browsing history on Facebook -- what you've clicked on, websites you've visited, and so on."

Iran has banned all use of the popular Telegram messaging app. The ban had been introduced to protect "national security," said a statement aired on state television. From a report: Iran had been considering the ban since January when protests over economic grievances erupted in more than 80 cities and later turned into demonstrations against the clerical and security elite of the Islamic Republic. Some hardline officials said protesters used Telegram to organize the rallies, which were ultimately contained by the Revolutionary Guards and their affiliated volunteer Basij militia. The app was temporarily blocked in January. "Considering various complaints against the Telegram social networking app by Iranian citizens, and based on the demand of security organizations to confront the illegal activities of Telegram, the judiciary has banned its usage in Iran," state TV reported. "All Internet providers in Iran must take steps to block Telegram's website and app as of April 30," the judiciary website Mizan quoted a court order as saying.

UK officials said Tuesday they will summon Facebook CEO Mark Zuckerberg to testify before Parliament the next time he's in British territory if he does not volunteer to do so. From a report: It would be the first governmental summons for Zuckerberg in the fallout of the Cambridge Analytica data leak and widespread concerns around user privacy. "It's worth noting that, while Mr. Zuckerberg does not normally come under the jurisdiction of the UK Parliament, he will do so the next time he enters the country," Damian Collins, a member of the UK Parliament, wrote in a letter published Tuesday. "There are over 40 million Facebook users in the UK and they deserve to hear accurate answers from the company he created and whether it is able to keep their users' data safe," Collins wrote.

Singapore's Changi airport, which is widely touted as one of the best airports in the world, is testing use of facial recognition systems to find late or lost passengers in the airport so they don't delay their flight for everyone else onboard. From a report: Changi Airport is looking at how it can use the latest technologies to solve many problems - from cutting taxiing times on the runway to quicker predictions of flight arrivals. It comes as the island state embarks on a 'smart nation' initiative to utilize technology to improve lives, create economic opportunity and build community ties. However the proposed use of cameras mounted on lampposts that are linked to facial recognition software has raised privacy concerns. Steve Lee, Changi Airport Group's chief information officer, told Reuters that the airport's experiments are not from a "big brother" perspective but solve real problems. "We have lots of reports of lost passengers...so one possible use case we can think of is, we need to detect and find people who are on the flight. Of course, with permission from the airlines," said Lee.

Earlier this month, Google announced it is discontinuing domain fronting, a practice that lets developers disguise their traffic to evade network blocks. Now, Amazon Web Services has announced a similar move to implement a new set of enhanced domain protections specifically designed to stop domain fronting. The Verge reports: In the post, Amazon characterized the change as an effort to stamp out malware. "Tools including malware can use this technique between completely unrelated domains to evade restrictions and blocks that can be imposed at the TLS/SSL layer," the post explained. "No customer ever wants to find that someone else is masquerading as their innocent, ordinary domain." Domain-fronting works by using major cloud providers as a kind of proxy, making a data request seem like it's heading to a major service like Google or Amazon only to be forwarded along to a third party once it reaches the broader internet. Unfortunately for circumvention tools, neither Amazon nor Google will let them pull that trick anymore. Amazon will still allow domain fronting within domains owned by the same customer (or more specifically, listed under the same SSL certificate), but customers can no longer use the technique to disguise where data is going, making it far less useful for blocked apps.

An anonymous reader writes: "A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking," reports Bleeping Computer. The vulnerabilities have been successfully tested and verified on Volkswagen Golf GTE and Audi A3 Sportback e-tron models. Researchers say they were able to hack the cars via both WiFi (remote vector) and USB (local vector) connections. Researchers hinted they could have also gone after the cars' braking and acceleration system, but stopped due to fear of breaking VW's intellectual property on those systems. "Under certain conditions attackers could listen in to conversations the driver is conducting via a car kit, turn the microphone on and off, as well as gaining access to the complete address book and the conversation history," Computest researchers said in their paper. "Furthermore, due to the vulnerability, there is the possibility of discovering through the navigation system precisely where the driver has been, and to follow the car live wherever it is at any given time," researchers added. VW deployed patches.